提交 416358d9 编写于 作者: D Daniel P. Berrange

remote: allow TLS protocol/cipher priority override in URI

Add support for a "tls_priority" URI parameter in remote
driver URIs. eg

 qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
上级 c7d0fbe6
......@@ -228,6 +228,19 @@ Note that parameter values must be
<td colspan="2"/>
<td> Example: <code>name=qemu:///system</code> </td>
</tr>
<tr>
<td>
<code>tls_priority</code>
</td>
<td> tls </td>
<td>
A vaid GNUTLS priority string
</td>
</tr>
<tr>
<td colspan="2"/>
<td> Example: <code>tls_priority=NORMAL:-VERS-SSL3.0</code> </td>
</tr>
<tr>
<td>
<code>command</code>
......
......@@ -652,6 +652,7 @@ doRemoteOpen(virConnectPtr conn,
#ifndef WIN32
char *daemonPath = NULL;
#endif
char *tls_priority = NULL;
/* We handle *ALL* URIs here. The caller has rejected any
* URIs we don't care about */
......@@ -774,6 +775,7 @@ doRemoteOpen(virConnectPtr conn,
EXTRACT_URI_ARG_STR("pkipath", pkipath);
EXTRACT_URI_ARG_STR("known_hosts", knownHosts);
EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify);
EXTRACT_URI_ARG_STR("tls_priority", tls_priority);
EXTRACT_URI_ARG_BOOL("no_sanity", sanity);
EXTRACT_URI_ARG_BOOL("no_verify", verify);
......@@ -845,12 +847,13 @@ doRemoteOpen(virConnectPtr conn,
#ifdef WITH_GNUTLS
priv->tls = virNetTLSContextNewClientPath(pkipath,
geteuid() != 0 ? true : false,
NULL,
tls_priority,
sanity, verify);
if (!priv->tls)
goto failed;
priv->is_secure = 1;
#else
(void)tls_priority;
(void)sanity;
(void)verify;
virReportError(VIR_ERR_INVALID_ARG, "%s",
......@@ -1126,6 +1129,7 @@ doRemoteOpen(virConnectPtr conn,
VIR_FREE(username);
VIR_FREE(port);
VIR_FREE(pkipath);
VIR_FREE(tls_priority);
VIR_FREE(knownHostsVerify);
VIR_FREE(knownHosts);
#ifndef WIN32
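Review bot: The value taken by `EXTRACT_URI_ARG_STR("tls_priority", tls_priority);` is passed to `virNetTLSContextNewClientPath()` unchecked and unlogged, so whoever supplies the connection URI can lower the protocol and cipher floor as easily as raise it, and the client leaves no record that the default was replaced. I would add `if (tls_priority) VIR_DEBUG("URI overrides TLS priority with '%s'", tls_priority);` before the context is created, and a comment on the declaration such as `/* GNUTLS priority string from the URI; NULL keeps the built-in default */`. Whether a malformed string is rejected with a clear error depends on virNetTLSContextNewClientPath, which is outside these hunks, so that is worth confirming with a test. doRemoteOpen starts and ends outside every hunk shown, so I could not check that `VIR_FREE(tls_priority);` is also reached on the `failed` path.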
......